eEye Digital Security

Conficker Worm Free Network Scanner

The Conficker worm utilizes a variety of attack vectors to transmit and receive payloads, including: software vulnerabilities (e.g. MS08-067), portable media devices (e.g. USB thumb drives and hard drives), as well as leveraging endpoint weaknesses (e.g. weak passwords on network-enabled systems). The Conficker worm will also spawn remote access backdoors on the system and attempt to download additional malware to further infect the host.

System Requirements

• Operating System: Windows 2000/XP/2003 (32-bit)
• Internet Explorer Version 5.01 or higher
• System RAM: 128 MB
• Storage: 20 MB

http://www.eeye.com/html/downloads/other/ConfickerScanner.html

Additonal information:
Installer File Size: ~ 1.8MB
Memory Footprint: ~6MB (XP Pro)
Amount of Targets: 256 IP's (Class C)

Options:
Timeout (secs): Time to wait for network responses from scanned systems.
Max Threads: Number of simultaneous targets to scan.
Resolve Scanned IPs:  Display the DNS name of the scanned systems as well as the IP address.
Show Only Vulnerable Servers:  Display only systems that are "Vulnerable" or "Infected".

And (why not...), a screen shot:

Other comments:
Scanned my Class C home network in under 30 seconds.  I only have 5 systems, none of which were infected, but my one virtual machine was unpatched for MS08-067 and the free scanner reported it.  Performance is what you'd expect out of a Retina-based scanner--fast.  I'd recommend checking out "Help Topics" under the Help menu since it describes the Results as well as usage instructions -- it's literally a 10 second read.  (also can be found in %ProgramFiles%\eEye Digital Security\Conficker Worm Scanner ClassC\help.html).

 I downloaded this to one of our Windows Server 2000 machines and instructed it to scan the network. 2 hours later it is not showing me anything in the scanned IP window. Did I do something wrong?

Heres the end of the log:

W32N_OpenAdapter(\Device\{0A10FEF6-1E9F-44AA-9AB9-C60016BBC8A6})
[err] Can not open adapter.
ScanCore_OpenDevice : Can not open device. result=2

Joe

Is it possible to download it for private use? I have a friend with a small network of 3 computers and would like to check if he's infected or not.

Best,

Art

 You should be able to.  Just go to the link and fill in the form data and you should be able to get a download link sent to you.

http://www.eeye.com/html/downloads/other/ConfickerScanner.html

fairfax:

Is it possible to download it for private use? I have a friend with a small network of 3 computers and would like to check if he's infected or not.

Best,

Art

Yep, it's free.

Blue1978:

 You should be able to.  Just go to the link and fill in the form data and you should be able to get a download link sent to you.

http://www.eeye.com/html/downloads/other/ConfickerScanner.html

Someone is quick on the draw.  Haha